“…They are AS/NZS 4360:1999; AIRMIC, ALARM, IRM: 2002; BS 31100: 2008; BS 31100:2011 and ISO 31000:2009 for generic risk; The ISO 27005:2011 was also reviewed which is specific to information security risk management. A number of risk management approaches from scholars, including Humphreys (2008), Misra et al (2007), Tsohou et al (2006), Kwok and Longley (1999), Spinellis et al (1999), Halliday et al (1996), and Baskerville (1991), were also studied and discussed. AS/NZS 4360 is a widely recognized risk management standard.…”